Banish Security Blunders with an Error-prevention Process : Page 3

Traditionally, application security is an afterthoughtwe build our apps and try to poke holes in them later. Why not take potential security breaches into account from the very beginning? The Automated Error Prevention Methodology provides a framework you can use to integrate security concerns into your app development right from the start.

by Dr. Adam Kolawa

Apr 8, 2004

Page 3 of 4

Security Problem #2: Buffer Overflow Vulnerabilities
Buffer overflows are a standard problem that affect C/C++ applications all too often. Buffer overflow attacks occur when a hacker manages to pass an input through all the program's built-in defenses and write to the buffer. It is only possible when the hacker is able to find and exploit a memory corruption bug in the application.

For example, assume that your C++ application has an array or a memory chunk on the stack, and a memory issue makes it possible to write beyond the size of the array or memory chunk, and overwrite the return address of the function. The hacker can exploit this weakness so that the function returns to a hacker-designated function, or so that the function executes a hacker-designated operation. In fact, some recently-discovered buffer overflows in major operating systems give hackers license to perform a variety of malicious actions, such as causing the system to fail, installing programs, viewing, changing, and deleting data, modifying any part of the system, and creating accounts with full privileges.

Developers traditionally try to handle buffer overflow exploits by limiting the size of the input or by verifying the input. However, it's easy to miss cases if you have no procedure for identifying all the inputs which need to be checked. To actually remove the opportunity for these attacks, you need ensure that memory corruption bugs do not occur in the released or deployed version of your software.

Implementing Buffer Overflow Best Practices
Memory corruption bugs can be prevented during integration testing. The application should be compiled with a runtime error detection tool, which detects memory corruption and pinpoints where the program is overwriting memory. As the application is being stimulated and exercised by the regression test suites, any memory corruption should be identified. You can then prevent security vulnerabilities by fixing the problem as soon as possible.